We make security versus productivity trade-offs every day, which is why regular security training can become critical for keeping both companies and customer data safe. For example, should an employee use an encrypted USB stick if they are accessing confidential documents via a hotel’s business centre PC?
Below are some top tips for making your staff more security-aware:
1. Encourage a culture of good personal security
It is important that companies educate and empower staff to make sensible information security judgements when responding to emails and/or sharing job-related information across social media networks. LinkedIn, Twitter and Facebook have all been used by attackers to identify and obtain background information on individuals within an organisation.
2. Treat security and productivity separately
Produce separate documentation for security and productivity policies. This means staff will be less likely to circumvent technical controls and more likely to respect policies around their lunch breaks and use of the internet.
3. Enforce dual control
Companies of all sizes are being encouraged to use dual control for their most sensitive operations. Even if you have the most unbreakable cryptography and you feel your staff are completely trustworthy, attackers may still go after any “super users” you have, as they represent a single point of attack with a potentially high reward. Make sure that control is shared by more than one person and that all of them are required to gain access.
4. Keep data classified
With the rise of BYOD and staff accessing documents on the move via their mobile phone, iPad or laptop, massive amounts of data can leave your organisation within seconds. Encourage your staff to classify sensitive assets and apply protective markings to them; this will help them make good information security judgements. If sensitive data is properly classified, employees will be able to tell if it is safe to read a document on a personal iPad or mobile. You can even adjust device settings to help you keep data classified, for example by setting your device to allow editing a document only via a remote desktop.
5. Keep on training
It is important that you make sure IT staff, PC support and administrators all receive regular security briefings, as they will be the people in regular contact with employees. IT staff have been found to be the key to developing a secure culture through formal training and demonstrating good security practices in their daily interactions with end users.
Long-term security requires a shift in mind-set that can and will only be achieved by regular staff training.
(image by CarbonNYC)
What training do you currently offer in your organisation? Do you follow and use any of the above tips already?